Eduroam: detailed settings

Eduroam: detailed settings

Change your password

If your account was granted before May 1, 2013, you should first change your password (using the form at https://password.ugent.be/).

Technical info

The settings for Eduroam (preferred network) at UGent are the following:

  • Network Name/SSID: eduroam (lower case!) (is broadcast)
  • Security Type: WPA2 in combination with IEEE 802.1X (also known as WPA2-Enterprise)
  • Encryption Type: AES
  • Authentication method: PEAP
  • Authentication protocol: MSCHAP / Sub authentication method: EAP-MSCHAP V2

To connect, you must follow the steps which apply for your device and/or OS.

UGent uses certificates to secure the connection.

Windows 10 Home Edition if yo have problems

The following procedure can be a solution:

  1. Remove the Eduroam profile by 'forget the network'.
  2. Add again manually the Eduroam profile .
  3. Start the command prompt as administrator:
    • Klick on the Start button
    • Type cmd
    • Klick right on command prompt
    • Choose "Run as administrator"
    • Type the following in the command prompt:
      reg add "HKLM\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13" /v "TlsVersion" /t REG_DWORD /d "0x3c0" /f
  4. Try again to make the connection.

Currently there are some problems with the Security update for Microsoft Windows (KB3206632) and possibly also (KB3201845).
Remove the update, restart your computer and add again manually the Eduroam profile.

Windows 8 & 10: removing the Eduroam profile

If you receive the message that the profile already exists when adding eduroam, please follow the steps below:

Open the Commandprompt
Type the following and press enter to see the wireless configurations:
netsh wlan show profiles
If eduroam is available then run the following to remove de eduroam profile.
netsh wlan delete profile name="eduroam"
Add eduroam manually (next item).


Please read: Manage wireless network profiles

Windows 8 & 10 (laptop and tablet) add manually

  1. Open Control Panel (Windows key-x or press Start - Tiles and search for Control panel).
  2. Choose 'Network and Internet' - 'Network and Sharing Center'.
  3. Click 'Set up a new connection or network'.
  4. 'Manually connect to a wireless network'.
  5. Set SSID -> eduroam
    (If you get the message that the profile eduroam already exists this has to be deleted first! See below).
  6. Security type WPA2-Enterprise
  7. Encryption type: AES
  8. Security Key: leave empty
  9. Choose 'Start automatically this connection'
  10. Next
  11. Click on 'Change connection settings'.
  12. Go to tab 'Security'.
  13. Do not activate remember password.
  14. Choose a network authentication method:Microsoft: Protected EAP (PEAP).
  15. Click on 'Settings'.
  16. Activate 'Validate server certificate'
  17. Click on 'Configure' near 'Secured password (EAP-MSCHAP v2)'
  18. Disable 'Automatically use my Windows logon name and password' uit.
  19. Click 'OK' and 'Close'. You can connect with eduroam.

  20. Don't forget to add @ugent.be on your loginname (for example jtmaes@ugent.be).

Windows 7 (add manually)

  1. Go to "Start/Windows Button" and then "Control Panel"
  2. In the Control Panel select "Network and internet"
  3. Click "Network and Sharing Centre"
  4. Click "Manage wireless networks"
  5. Click "Add a wireless network"
  6. Select "Manually create a network profile"
  7. On the manual configuration screen, enter the Network Name "eduroam" (= the SSID). Make sure you enter eduroam, not Eduroam or EDUROAM.
  8. Select Security Type WPA2-Enterprise
  9. Select Encryption Type AES.
  10. Click 'Next'. The next screen will say that the network has been configured. There are still more settings however.
  11. Select 'Change connection settings'
  12. Select the Security tab
  13. Click "Settings" next to the PEAP option.
  14. In the Protected EAP properties panel select 'Configure Secured password (EAP-MSCHAP v2)'
  15. Uncheck the box to use your windows credentials
  16. Close the window about EAP-settings. Click 'Advanced settings' - 'Properties wireless network eduroam'.
  17. Chose: 'Verification from the user'.
  18. Click 'OK' through each menu to save your changes and return to the desktop.

All the settings you have made are stored in your computer and should not need re-entering each time you connect.

Once you click "Connect", you will be presented with an authentication dialogue box.

  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").

At present, Windows 7 users get a 'Windows Security Alert' warning message.

  • Click "Details" and confirm it says
    Radius server: ugnps.UGent.be
    Root CA: AddTrust External CA Root
  • Then it is OK to click the Connect button. You will not get the warning again.

Windows Phone 7 (v7.5 en hoger)

  • Go to 'Settings' - 'Wi-Fi'.
  • Enable 'Wi-Fi'.
  • Select 'Eduroam' in the list of wireless networks.
  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Select 'certification authority' with 'Validation Server Certificate' or move 'Validate Server Certificate' to the status 'enabled'.
  • Choose in the list of certificates 'AddTrust External CA Root'.
  • Choose 'EAP-methode' for 'PEAP MS-CHAP v2'
    Note: For some software versions 'PEAP' and 'MS-CHAP v2' must be set separately.
  • Click 'Done'.
  • There will be possible a report to determine whether you expect eduroam at this location, select 'YES'.
  • After a few seconds you are connected with Eduroam.

In case of certificate issues, install the TERENA SSL CA 3 certificate in advance: see Certificates.
Next, restart your phone and connect to Eduroam.

Windows Phone 8

  • Go to 'Settings' - 'Wi-Fi'.
  • Enable 'Wi-Fi'.
  • Select 'Eduroam' in de list of wireless networks.
  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Convert 'Validate Server Certificate' to enabled. Open the list of certificates, click the button below.
  • Choose from the list of certificates 'TERENA SSL CA 3'.
  • Click 'done'.
  • There will be possible a report to determine whether you expect eduroam at this location, select 'YES'.
  • After a few seconds you are connected with Eduroam.

Mac OS X 10.7 and higher


If you have already installed before July 12 a config mobile file on your iPhone, iPad or Mac, you will have to remove this file again.
How to remove the Eduroam profile.


  • Select in the 'Apple-menu' dthe option 'System preferences'.
  • Select in the section 'Internet and wireless', 'Network'.
  • Be sure that the 'Wi-Fi' adapter is selected.
  • Click 'No Network selected'. The available networks are displayed.
  • Click 'Eduroam'.
  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Select 'Remember this network'.
  • Click 'Connect'.
    The first time you connect, the question arises whether you trust the certificate offered by the network. This is a normal security question.
  • Choose 'Show certificate'.
  • Check that the certificate comes from 'TERENA SSL CA 3'. Check that you 'TERENA SSL CA 3' always trust.
  • Click 'Continue'. .
    It is possible that Mac OS login credentials are asked to accept the certificate / modify profile settings. Then enter the name and password of an administrator on your computer.
  • You are connected with Eduroam.

You can check whether you are properly connected to eduroam by clicking on the wireless network icon in the status bar (top).

Mac OS X 10.6 and lower

Manually add the eduroam network.

  • Click the Apple icon top left.
  • Click 'System preferences'.
  • Click 'Network'.
  • Click 'Add'.
  • Select 'Wifi' or 'Airport'.
  • Select 'Advanced'.
  • Go to the tab 802.1x
  • Click the '+' sign, select 'add profile' and fill out the information below.
    • Name the profile eduroam.
    • User Name: 'your login name@UGent.be'.
    • Password: your UGent password.
  • Click 'OK'
  • Click 'Apply'.
  • Click the wireless network icon in the status bar at the top.
  • Choose the network 'eduroam'.
  • Choose in the next window with "802.1X" the just created profile, making the username and password fields are filled in automatically.
    The first time you connect, the question arises whether you trust the certificate offered by the network. This is a normal security question.
  • Choose 'Show certificate'.
  • Check that the certificate comes from 'TERENA SSL CA 3'. Check that you 'TERENA SSL CA 3' always trust.
  • Click 'Continue'..
  • You are connected on Eduroam.

You can check whether you are properly connected to eduroam by clicking on the wireless network icon in the status bar (top).

Android smartphone

  • From the 'Android Home' screen, click 'Menu' and 'Settings'.
  • Click 'Wireless' (Wifi), click 'WiFi settings'.
  • If necessary, switch on the WiFi.
  • Select the following settings:
    • EAP method: PEAP
    • Phase 2 authentication: MSCHAPv2.
    • CA certificate: unspecified.
    • User certificate: unspecified.
  • Scroll down for the login credentials:
    • Identity: Enter your login name@ugent.be (DO NOT FORGET "@ugent.be").
    • Anonymous Identity: this field can be left blank.
    • Wireless Password: your UGent password
  • Click 'Done'.
  • click'Connect'.
  • After about 15sec you are connected with Eduroam.

ChromeOS

  • Go to Wireless networks.
  • Select 'Eduroam' and click 'settings'.
    • Security type: WPA2 Enterprise
    • Encryption type: AES
    • Authentication methode: PEAP
    • Authenticatiion protocol: MSCHAP
  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Anonymous identity can be left blank.
  • Click 'Connect'.

Ubuntu

If the Network Manager has not been installed, you must do this first.

  • Verify that you are not connected to the network with a network cable.
  • Make sure the antenna of your laptop operates by switching on the wifi switch or button.
  • Click the network icon and choose 'Edit Connections..'. The available wireless networks will be displayed.
  • Select 'Eduroam' and fill in below:
    • Wireless Security: WPA & WPA2 Enterprise
    • Authentication: Protected EAP (PEAP)
    • Anonymous Identity can be left blank
    • CA-certificate: (CA Certificate File): select AddTrustExternalCARoot.pem
      The complete path to the certificate is: /etc/ssl/certs/AddTrust_External_Root.pem
      Working without a certificate in case of a problem with the certificate is possible. You will be warned if you do this.
    • PEAP version: Automatic
    • Internal Authentication: MSCHAPv2
    • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Click "Login to Network". The icon of the Network Manager is going to move. Your username and password are checked and an IP address is requested.
    Do not save your password.

Screenshots Ubuntu.

Blackberry (not supported)

Blackberry Z10

If you must import the certificate , follow the steps described in Import a certificate from your computer. Note: in case you are not certs folder will find, copy the certificate to the downloads folder. Import the from there, according to the steps described in the link above.

  • Select 'System Settings'
  • Select 'Network Connections'
  • Select Wifi
  • Click 'Eduroam'
  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Click 'Advanced'
  • Enter the following:
    Security Sub Type: PEAP
    Inner Link Security: MSCHAPv2
  • Select the UGent CA-certificate.
  • Save and 'Connect'.

Blackberry Curve

  • Select Wifi
  • Scroll down to 'Settings, services and options' and choose 'WiFi network'.
  • Click network 'Eduroam'.
  • Enter your login name@ugent.be and your UGent password (DO NOT FORGET "@ugent.be").
  • Enter password.
  • CA-certificate: none selected.
  • Inner link security: EAP-MS-CHAP v2.
  • Token serial nr: none selected.
  • Check 'Disable validate server certificates'.
  • Save and 'Connect'.

The settings may not work for all models.

  • Name: eduroam
  • SSID: eduroam
  • Security type: WPA2 enterprise
  • Enterprise sub-type: PEAP
  • CA-certificate: none
  • Inner link security: EAP-MSChap v2
  • Token: none
  • Server subject: leeg laten
  • Server SAN: leeg laten
  • Disable server certificate validation: checked
  • Band Type: 802.11b/g/n
  • SSID broadcasted: checked
  • Automatically obtain IP address and DNS: checked
  • Allow inter-access point handover: not checked

Troubleshooting?

I can not connect.

  • Ensure that all institutions have been taken over correctly.
  • Turn off Wi-Fi on your device off and then on again.
  • It often helps to reboot once the unit.
  • You can select the settings of the Wi-Fi network to remove the network and choosing 'network password. All information, such as the password is deleted from your device. The wifi network will briefly disappear from the list and quickly re-emerge. At that point, you can reset the settings.